Spammers posting through existing accounts with no need to login?

Ok so started getting a lot of spam trying to sign up on one of my forums, which the spam filter is picking up for manual approve. I reject them and they keep coming back. So possibly a bot? Same IP address, but different spammy email address each time. It's a Ukrainian IP.

Is there a way I can just block this IP address from trying to register? Or would that let them know they're blocked?
 
Two ways to block the IP:
  • From XenForo Admin: Users > Banned IP Addresses > add the IP there and the forum will not let visitors from that IP access any page on the forum, without a reason being displayed. A bot would not read a reason anyway. I think you will see them in the Who's Online page.
  • From your .htaccess file: use the Apache directives to deny the IP from even reaching the forum - works much faster but needs a bit of manual tinkering. You will no longer see that traffic in your forum's visitors page at all.
There's a third way as well, if you move your domain's DNS to CloudFlare and start using their traffic proxying services (a very generous free package that's good enough for most sites): you can set advanced filters there for banning entire countries, or TOR services, or ISPs' AS Numbers with all their (tens or hundreds of) subnets, if you need such a scale of service denial.
 
As far as I know, no, you just enable the proxying in the DNS configuration, and then you can use the security-firewall section for any filtering you want to apply. That traffic will be analyzed and, if necessary, blocked when it hits CloudFlare, before it reaches your server. Just make sure you have the right SSL/TLS configuration set up when you proxy the traffic, so you don't get into some weird circular redirection loops.

For a single IP to be banned, it might be overkill though.
 
So far 2fa works for me as temporary solution but 2fa is not convenient to regular users
 
Last edited:
Top Bottom